If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hey look! I can troll the internet and find counter examples. For heaven's sake - ESTONIA has internet voting since 2005!! Can't think of a more backwards country than Estonia, can you? Here's the proof (see https://www.ndi.org/e-voting-guide/e...ing-in-estonia for the original article):

Internet Voting in Estonia

Estonia has implemented Internet voting in national elections since 2005 and the percentage of voters voting via Internet has trended up in each successive election. Estonia has taken several measures to ensure the secrecy of the vote, primarily through allowing multiple votes to be cast over the Internet by a voter (only the last one is counted) and also prioritizing any paper ballot cast by a voter over Internet votes cast.

Estonia became the first country to offer Internet voting to the entire electorate for nationwide, binding elections. Internet voting has now been provided in local (2005, 2009), parliamentary (2007, 2011), presidential (2011) and European (2009) elections. The first three elections were carried out without major criticisms and with a growing percentage of Internet voters. The 2011 parliamentary elections saw a significant increase in the usage of Internet voting (over 24 percent of all votes were cast using the Internet).

Internet voting is only available before Election Day during an early voting period that normally lasts for one week. Voters may cast their Internet ballots multiple times during this period, and only the last Internet ballot cast is considered valid for the official tally. Various paper ballot options are also available. Voters can cast early paper ballots. Estonians living abroad may cast their ballots by post or vote at an embassy. Voting from ships is also offered.

The names of those voting by Internet are removed from the electoral register used on Election day in the polling station. Any paper ballot cast in the early voting period will be counted, canceling any Internet ballot cast by the voter. The strategy of allowing multiple votes and the primacy of the paper ballot is intended to protect the secrecy of the vote by allowing any voter who may have been coerced or intimidated to vote a certain way the opportunity to vote again in secrecy and overwrite their previous, tainted vote.

Internet voters identify themselves with a smart national ID card or a “mobile ID” (a new authentication channel using mobile phones with specific SIM cards that was introduced in 2011). Once authenticated, the voter casts the ballot through a platform that sends the vote to a central database. The vote is digitally signed (inner “envelope”) and inserted in another virtual and signed “envelope” (outer one) that contains the identification of the voter and the session log.

Hey look! I can troll the internet and find counter examples. For heaven's sake - ESTONIA has internet voting since 2005!! Can't think of a more backwards country than Estonia, can you? Here's the proof (see https://www.ndi.org/e-voting-guide/e...ing-in-estonia for the original article):

"...Internet voting is only available before Election Day during an early voting period that normally lasts for one week..."

Please explain how Estonia's use of a week-long internet voting process is in any way relevant to preventing proxy voting and protecting against internet-borne attacks during Wayland Town Meeting votes, which typically last less than 60 seconds.

Hey look! I can troll the internet and find counter examples. For heaven's sake - ESTONIA has internet voting since 2005!! Can't think of a more backwards country than Estonia, can you? Here's the proof (see https://www.ndi.org/e-voting-guide/e...ing-in-estonia for the original article):

Internet voters identify themselves with a smart national ID card or a “mobile ID” (a new authentication channel using mobile phones with specific SIM cards that was introduced in 2011). Once authenticated, the voter casts the ballot through a platform that sends the vote to a central database. The vote is digitally signed (inner “envelope”) and inserted in another virtual and signed “envelope” (outer one) that contains the identification of the voter and the session log.

Do you seriously think it would be feasible for Wayland to issue cellphone SIM cards for use in voter identification, and require anyone wishing to participate in Town Meeting from home to own an appropriate smartphone? Wouldn't that be considered a poll tax?

See DH - this is the reason I don't get into details with you. Rather than look at solutions constructively and try to build on them to arrive at something that works, you'd rather sit in your comfy chair and shoot down other successful examples. You do realize that there are entire services out there that do online voting for you (for example, eballot) that we could hire using the same money you took to do your ELVIS thing (oh, wait - I guess that was my money you took for that). I don't have enough energy to offer technical solutions because there are holes in all of them that you'll gleefully point out without taking into account the relative risk/reward. Truth be told, no one cares what happens in the antiquated Town Hall votes of Wayland MA outside of the residents. The whole Town Hall concept is 200 years out of date (yes, I'm exaggerating, so please don't point that out). It should be replaced with a modern way of doing business.

By the way - I view your "bluff" comment the same way I view 6 year olds in the playground taunting each other. Nanny nanny woo-woo.

You don't get into details because you don't have any. You posted a counter-example (Estonia) by "trolling the internet" - without bothering to understand what you posted.

Originally Posted by Carl Rosenblatt

Rather than look at solutions constructively and try to build on them to arrive at something that works, you'd rather sit in your comfy chair and shoot down other successful examples.

You have yet to produce anything remotely resembling a "successful example".

Originally Posted by Carl Rosenblatt

You do realize that there are entire services out there that do online voting for you (for example, eballot) that we could hire

Yes, I do. I have contacted many such organizations over the years. None I have contacted have the ability to prevent proxy voting. Does eballot?

Originally Posted by Carl Rosenblatt

using the same money you took to do your ELVIS thing (oh, wait - I guess that was my money you took for that).

The Town of Wayland voted at Town Meeting by a large majority to fund electronic voting at every session of every Town meeting during fiscal years 2012 through 2015; that decision, which you did not publicly oppose, is costing you and every other Wayland citizen less than $10 per year.

ELVIS - Wayland's Electronic Voting Implementation Subcommittee - is a volunteer group that has not taken a dime of funding from any source.

Originally Posted by Carl Rosenblatt

I don't have enough energy to offer technical solutions because there are holes in all of them that you'll gleefully point out without taking into account the relative risk/reward.

You scurrilously posted that solutions for internet voting were available, but their adoption was impeded by an evil minority seeing to control town affairs:

Originally Posted by Carl Rosenblatt

The current setup is too convenient for a small subset of the population to give up by enabling young families to participate in shaping our town. I've advocated for remote voting since I moved into Wayland 20 years ago, and the answers I've always gotten are poor excuses that amount to simply not wanting to make it work.

You've yet to produce a single relevant example of internet voting that could be used to support "Town Meeting Voting from Home". You don't seem to understand that finding a successful mechanism means discovering shortcomings before we put weight on them, not after.

Solution to Proxy Voting Cocnern

I've mentioned before, but we didn't thoroughly discuss, that there are easy, already available ways to authenticate individual users that I would think we could employ for remote voting.

Google has available (for free) Google Authenticator - it creates a constantly changing code that is unique to an individual for authentication purposes. It would be impossible to automatically collect these codes for multiple people and enter them in during a voting window.

Originally Posted by DHBernstein

If the code is machine-readable, then a client application could forward it to an aggregating application that implements proxy voting. If the code is not machine-readable (e.g. via a Captcha), a significant fraction of valid votes would be rejected, particularly under time pressure.

Dave

How hard would it be to generate a version of this that wasn't machine readable? Also, there are devices like this one:
I have one of these that use when I log in remotely for work. I have to enter an eight-digit randomly generated number that constantly changes, with each number good for a very limited time. The number is only displayed on this external unit, so it must be manually entered.

The thousands of employees in my company use these devices without complaint about not being able to get into the network. If a slightly longer window might be required to enable people to successfully get in, so be it.

But to reject these approaches because "a significant fraction of valid votes would be rejected, particularly under time pressure" is to look hard for a reason to reject solutions -- certainly, we could test something like this out to come out with the right solution - the optimal time window to minimize rejections while discouraging proxy voting.

An approach like this would eliminate concerns about proxy voting.

Combine this with existing technology that enables online voting, and I think we have a workable solution.

Kim - reality is, you don't even need a separate device like the one pictured. There are ways to use apps on smartphones that will do the same thing, and this would eliminate the objection that people would have to pay a "tax" to obtain the device. I suppose there are some people out there without smartphones, so I guess they would have to use an app on their computer instead. Then again, maybe there are people without computers. In that case, perhaps smoke signals would work. Oh, but smoke might increase C02 and cause global warming, so maybe we could use semaphores. Hmm... that requires line of sight, so maybe shiny mirrors instead? I'm sure there's some other excuse why your (rather good) idea won't work, but I'll leave it to Mr. Sunshine to bring them up! :-)

I've mentioned before, but we didn't thoroughly discuss, that there are easy, already available ways to authenticate individual users that I would think we could employ for remote voting.

Google has available (for free) Google Authenticator - it creates a constantly changing code that is unique to an individual for authentication purposes. It would be impossible to automatically collect these codes for multiple people and enter them in during a voting window.

How hard would it be to generate a version of this that wasn't machine readable?

That would be a research project, and a difficult one at that. For example recent advances in Google StreetView that enable it to better "read" house numbers on doors and mailboxes are able solve a large fraction of Captchas.

Originally Posted by Kim Reichelt

Also, there are devices like this one:
I have one of these that use when I log in remotely for work. I have to enter an eight-digit randomly generated number that constantly changes, with each number good for a very limited time. The number is only displayed on this external unit, so it must be manually entered.

The thousands of employees in my company use these devices without complaint about not being able to get into the network. If a slightly longer window might be required to enable people to successfully get in, so be it.

Tom Abdella similarly suggested RSA SecurID fobs during a discussion at last year's Special Town Meeting. These would make it more difficult -- but not impossible -- to conduct large-scale proxy voting; by "large scale", I mean submitting 100 votes or more. The challenges are "entering numbers under time pressure", cost, and the logistics of distribution and support. It's one thing to mis-enter a number when trying to log into your network; you swear under your breath, and wait a few seconds for the next number so you can try again. It's another thing if mis-entering a number prevents you from voting YES in an important vote whose result is a tie, as occurred on an Amendment to Article 6 earlier this month. If someone's device fails and they don't notice until the first vote, is it okay for them to be disenfranchised unless they jump into their car and drive to Town Meeting?

Originally Posted by Kim Reichelt

But to reject these approaches because "a significant fraction of valid votes would be rejected, particularly under time pressure" is to look hard for a reason to reject solutions -- certainly, we could test something like this out to come out with the right solution - the optimal time window to minimize rejections while discouraging proxy voting.

An approach like this would eliminate concerns about proxy voting.

Citing a proposal's disadvantages or weaknesses is not tantamount to rejecting that proposal - it's a fundamental component of the process of engineering an acceptable solution. When a weakness or disadvantage is identified, we can look for ways to overcome it or work around it, or we can "mix in" other approaches that synergisticly eliminate the issue. Premature satisficing -- explicitly or implicitly reducing the requirements or lowering the range of acceptable performance in order to "move forward" -- can result in far better solutions being overlooked in a rush to "get something".

This discussion illuminates a key requirement on which we'll ultimately have to agree: what is the minimum acceptable success rate for home voters? For electronic voting on the floor of Town Meeting, the minimum acceptable success rate is 100%. Is that the right requirement for voting from home? If we agree on a number less than 100%, will we be able to withstand the "onslaught" when a very close vote produces a tidal wave of phone calls and text messages reporting home voting failures? What will be the process for determining whether the number of home voting failures on a particular vote was or was not acceptable? How long will we delay declaring a vote final in order to resolve such a situation?

Originally Posted by Kim Reichelt

Combine this with existing technology that enables online voting, and I think we have a workable solution.

Prevention of proxy voting is but one issue. Don't forget about denial-of-service attacks and other hackery that becomes possible when the internet is involved.

Kim - reality is, you don't even need a separate device like the one pictured. There are ways to use apps on smartphones that will do the same thing, and this would eliminate the objection that people would have to pay a "tax" to obtain the device.

Such a scheme would enable someone to acquire or construct an application running on one smartphone or PC that could vote on behalf of thousands of Wayland citizens. Would that be acceptable?

SecurID offers an app that will do the same rolling code work that the fob does. How does that enable anyone from stealing anything? Are you familiar with VPN? Do you understand anything about IP tunnelling, encrypted data, or internet security in general? Doubt it. Why don't you prove you do by writing down everything you know (otherwise it's obvious that you're bluffing).

By the way, WHO CARES ENOUGH ABOUT WAYLAND'S RIDICULOUS TOWN HALL TO GO TO THE TROUBLE OF HACKING INTO A REMOTE VOTE? Seriously. You take yourself and this town way too seriously - it's petty and unconstructive to only raise stupid (wrong) objections to reasonably well thought out suggestions. Kim's ideas are good ones and shouldn't be swept aside with smarmy commentary. Here's a thought: Let's ban Town Hall. We need a Mayor and then this entire waste of everyone's time would go AWAY.

SecurID offers an app that will do the same rolling code work that the fob does. How does that enable anyone from stealing anything?

An app can be reverse-engineered, and thus cannot be relied upon for meaningful security.

Originally Posted by Carl Rosenblatt

Are you familiar with VPN? Do you understand anything about IP tunnelling, encrypted data, or internet security in general?

Yes. I am developing and maintaining an open source application that employs public key cryptography to provide authentication for ~70K users around the world.

Hint: derision is not a valid counter-argument.

Originally Posted by Carl Rosenblatt

By the way, WHO CARES ENOUGH ABOUT WAYLAND'S RIDICULOUS TOWN HALL TO GO TO THE TROUBLE OF HACKING INTO A REMOTE VOTE? Seriously.

The hacker community is driven by reputation. Online voting has been an attractive target for both "white hat" and "black hat" components of this community.

You can wave you hands and claim that security and authentication are unnecessary, but taking that approach would cause knowledgeable residents of Wayland to publicly dismiss "voting from home" as a bad joke. We faced both challenges with wireless electronic voting, even with no connection to the internet whatsoever. Without competent security and prevention of proxy voting, we won't gain the Moderator's support for a trial of "voting from home", much less support from the Massachusetts Elections Commission.

And there it is. Thanks for not disappointing Mr. Sunshine (or should I call you "That's their choice"?). I feel like I'm at a Town Hall now with an endless line of the same person standing at the "con" mike spouting reason after reason why we should crawl into a hole and die. If you're so smart (I mean, wow, you're personally developing an actual OPEN SOURCE application?? Oooohhhh - can I have your signature? That's so complicated, you might need a high school diploma to master that one!) why is it you can't use some public key cryptography (yikes!) to keep the red hats and blue hats from joyfully hacking their way into little 'ole Wayland's vote? And, OMG - we might not "gain the Moderator's support"? No big deal - just fire him and get someone else who will. That's pretty much the role of public servants - to serve the public, and if they don't satisfy those with the power - buh bye. That is what happened to Fred T., isn't it?

And there it is. Thanks for not disappointing Mr. Sunshine (or should I call you "That's their choice"?). I feel like I'm at a Town Hall now with an endless line of the same person standing at the "con" mike spouting reason after reason why we should crawl into a hole and die. If you're so smart (I mean, wow, you're personally developing an actual OPEN SOURCE application?? Oooohhhh - can I have your signature? That's so complicated, you might need a high school diploma to master that one!) why is it you can't use some public key cryptography (yikes!) to keep the red hats and blue hats from joyfully hacking their way into little 'ole Wayland's vote?

Public key cryptography provides no defense against denial-of-service attacks, which would be the easiest way to disrupt realtime votes conducted via the internet.

Originally Posted by Carl Rosenblatt

And, OMG - we might not "gain the Moderator's support"? No big deal - just fire him and get someone else who will. That's pretty much the role of public servants - to serve the public, and if they don't satisfy those with the power - buh bye. That is what happened to Fred T., isn't it?

Let us know when you've replaced the Moderator and the Secretary of the Commonwealth of Massachusetts with persons who will approve a trial of "Town Meeting voting from home via the internet" with no security and no way of preventing proxy voting. Until then, I'll continue to assume that sane people will occupy those positions.